ramnit

Sharing

Copy URL

Twitter E-mail

General

Target

72f633f58d227097bfdecfe376d43a33_JaffaCakes118
Size

8.2MB
Sample

240525-xt72zseg9t
MD5

72f633f58d227097bfdecfe376d43a33
SHA1

326ddce87207893711a87ba68b53a61da368947c
SHA256

c65046f87d5ceebfe71df19347ce5e768354b4a160d9b9f5b4a753c5dab06ff2
SHA512

ed8c23be8ca9126b7870c0cdb6c0d8cb20213b1d5b8781db6f6574825e5fcb982c6a11890f0afd4165cf8b07b824bb401f3b7b916a85548c8f74b2dbf4714556
SSDEEP

196608:uB0vB4AxB1OsjEO99SacEYaokwEfV5vrI4FgBDpbY:uBG4oSagb/2jIkgTbY

Score

10^/10

Malware Config

Targets

- Target
  
  72f633f58d227097bfdecfe376d43a33_JaffaCakes118
- Size
  
  8.2MB
- MD5
  
  72f633f58d227097bfdecfe376d43a33
- SHA1
  
  326ddce87207893711a87ba68b53a61da368947c
- SHA256
  
  c65046f87d5ceebfe71df19347ce5e768354b4a160d9b9f5b4a753c5dab06ff2
- SHA512
  
  ed8c23be8ca9126b7870c0cdb6c0d8cb20213b1d5b8781db6f6574825e5fcb982c6a11890f0afd4165cf8b07b824bb401f3b7b916a85548c8f74b2dbf4714556
- SSDEEP
  
  196608:uB0vB4AxB1OsjEO99SacEYaokwEfV5vrI4FgBDpbY:uBG4oSagb/2jIkgTbY
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ButtonEvent.dll
- Size
  
  4KB
- MD5
  
  fad9d09fc0267e8513b8628e767b2604
- SHA1
  
  bea76a7621c07b30ed90bedef4d608a5b9e15300
- SHA256
  
  5d913c6be9c9e13801acc5d78b11d9f3cd42c1b3b3cad8272eb6e1bfb06730c2
- SHA512
  
  b39c5ea8aea0640f5a32a1fc03e8c8382a621c168980b3bc5e2897932878003b2b8ef75b3ad68149c35420d652143e2ef763b6a47d84ec73621017f0273e2805
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/MyNsisExtend.dll
- Size
  
  596KB
- MD5
  
  37e4e1ab9aee0596c2fa5888357a63b0
- SHA1
  
  a5dba8c0a1bd936dca2b6a81f2dc9a3005f1a2b6
- SHA256
  
  ff4b245fea98cedd881ca102468623a449a0b40df0c557dd8a6ea32e788d56fe
- SHA512
  
  5cbab2872683079c6cc09423a2baf7107b5ac5731f336cd237fa93a4a4ee53a127963dc0ec0dbc6168b9b3d2c3a881c7663ce4ecd84d964628dd566395d49bb3
- SSDEEP
  
  12288:1QXznhWxifqPG8yDAay0BQeMrtQW27ZJ6ObWTE5lqtmsVsIdj:1QXznYybPJnWTE5lqwsKG
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  67KB
- MD5
  
  bd05feb8825b15dcdd9100d478f04e17
- SHA1
  
  a67d82be96a439ce1c5400740da5c528f7f550e0
- SHA256
  
  4972cca9555b7e5dcb6feef63605305193835ea63f343df78902bbcd432ba496
- SHA512
  
  67f1894c79bbcef4c7fedd91e33ec48617d5d34c2d9ebcd700c935b7fe1b08971d4c68a71d5281abac97e62d6b8c8f318cc6ff15ea210ddcf21ff04a9e5a7f95
- SSDEEP
  
  1536:2IfbmtOpUtoqoQvfDrghNT+2w8mbJ1/NfSttVx:bfi4GoqVvbaNXubJ1JI
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/locate.dll
- Size
  
  17KB
- MD5
  
  7d3317f57c1a368480ace3c0ca804eeb
- SHA1
  
  d4c7e185bc64aac82339f51ba6c21cf0713c9f1a
- SHA256
  
  d88a04c1e39db583eaad727fd390fe599ab10198ee040bfbdd22daefadbd2372
- SHA512
  
  5598c2e6caa2f66edd48f8c8305e054d4b0740b5f2b7ed92cf197a13ac66ba99a32013d34b3c2e28d007ab7979eb90a50681324eb736b1410e7df1902e4ec32a
- SSDEEP
  
  384:ev/vPBkA6dK8wiLe45naPji7hpx2kRV+qgm:evyvwiNnGji7Xxjc8
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsRandom.dll
- Size
  
  77KB
- MD5
  
  d86b2899f423931131b696ff659aa7ed
- SHA1
  
  007ca98f5d7921fe26fb9b8bd8a822dd5ae09ed6
- SHA256
  
  8935cba8e9b276daa357a809e0eca3bebf3fdc6d0d3466ab37fb2cbbfacd3a94
- SHA512
  
  9a4437ab484e4e22597c642d21b0107a063a208a582df3a5bf276466ad8d0ba9aeebac6de8dcf1372939984bb187d58e94c799918cfbe80e85c958bf0a537fc7
- SSDEEP
  
  1536:/lKXi95r2UwOpUtoqoQvfDrghNT+2w8mbJ1/NfSttVx:sgr2eGoqVvbaNXubJ1JI
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/xml.dll
- Size
  
  175KB
- MD5
  
  0ad70d0ebf9562e53f2fd9518c3b04a3
- SHA1
  
  4de4487e4d1e87b782eceb3b74d9510cc28b0c70
- SHA256
  
  3bd4a099f0e0eefeaacfdba6c0ab760b6e9250167ba6a30eafaa668ca53ce5e9
- SHA512
  
  f75e089f7eb44071f227cd9705b8e44982429f889f93230e98095aac60afc1bdd39a010787235c171cd9fb9ead8023043b147022ab007e8cf1c3204064905719
- SSDEEP
  
  3072:vzjLkarn7O+n9z2L6whFtGF42bKgGoqVvbaNXubJ1JI:vzP7n7O7L6K2lqVvWIdjI
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral17 behavioral18
- Target
  
  $TEMP/$_89_/MyNsisSkin.dll
- Size
  
  384KB
- MD5
  
  a6039ed51a4c143794345b29f5f09c64
- SHA1
  
  ef08cb5dfa598d9d5b43b8af49f54b2c7dac00d4
- SHA256
  
  95ae945504972cadcf2ccfb2b3d02ea8cade3ee53f2f2082e8b40b61f660877a
- SHA512
  
  0ed3d0c070bfd91e2355aec5a30ad5cbaf6949c965af5e0ee1ecf2edd5f5aeba3819b4667a0301f8b52c8fd56d3bae35fa4f77063d56c8f89055784d0c0a30a8
- SSDEEP
  
  6144:yOrNKQjNQnWqJolkFucBm1fXr9ICcYerKJbYm3IyU5qVvWIdjI:y4NKQjNQfqOuEm1fXncdrKJbJgtIdj
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral19 behavioral20
- Target
  
  OpenAL32.dll
- Size
  
  168KB
- MD5
  
  5376a2179ee336fdd580b33e188b3b41
- SHA1
  
  71db8c33d7a259e535f408f41def92ac4a18acd1
- SHA256
  
  e3e20c91a105aa7a958a2c6bc1267e546c8c18ca5ef14806b788e9cf9dcdb5b8
- SHA512
  
  c51f9f3b104154c47e557d131d6f9735d38968d9268596a707c05c0d98449356f2bfa82184136b0408df89d2ae23217e21c8a40483286a9f9a360929bb735a74
- SSDEEP
  
  3072:zt/j93T459N5fhIhJt1xuTE1uH+NcWZwEdxXgR:ztrNyN5fEa+qWZ/O
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral21 behavioral22
- Target
  
  SDL.dll
- Size
  
  2.0MB
- MD5
  
  b4acf6c845919c094ce74e0ab20155e1
- SHA1
  
  7209f946152f0dfd4ad4869bd9f5434b6d2efc4c
- SHA256
  
  549288fb9a81fd07a2e3505d39acf9d8b74ad1f7c62a29e6f04984f69f0778ca
- SHA512
  
  5cd1a80a2a37eb3a7e0cd8d04e35454630105d47b01bd2e965ef50a178825f3e93c26136f11219fd0b8e179cc56651538cd13edd9ed2e00999244fb254eb9343
- SSDEEP
  
  49152:3bgXeSJJW0VraVsI1V0+tVIjtW+JPZcS0Zo9h6o/H:3bgX5JW0VraVsI8H
Score

1^/10
behavioral23 behavioral24
- Target
  
  cg.dll
- Size
  
  4.7MB
- MD5
  
  b698513d3757545edc1328e6bea3eb15
- SHA1
  
  b8f3889dc32db6f9a8287b91d95952942743bfd0
- SHA256
  
  68d0bd4dbb3c1c26acc6a1c8741ec19f954b82571328edb3acd5bd2fd41bad82
- SHA512
  
  9c831c06130dd120012d3f5491c288682dfd8eda92813c83accefc2050b55ca42f71f965e182cfcb2666128041d7cdceaf03f8285d26d063bfcb909a3b24988e
- SSDEEP
  
  49152:8Pa020/OfOQka+NfXfkqa4B0vNv+sDEFs8cuO:8PP20/TvaUHkqaNWuEy
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral25 behavioral26
- Target
  
  cgGL.dll
- Size
  
  360KB
- MD5
  
  625a3581a2caf73e6b7e0b0ea163cad9
- SHA1
  
  3723b0b6406bcd816729164676ef8e913bbdd849
- SHA256
  
  84c3920a91a3e644e99e3a9409b616db5b8b6651371b4c2e63a55a7e99077314
- SHA512
  
  89dfe1cb6d223146fff0413ac49f5214b81dd8f92917dbc512b5513f0f940b085f0b229343005453a7ee3e9ec4953c37521f75c797afd6eed06c3b0707a6e18a
- SSDEEP
  
  6144:mKKAmwtZtp6IbQymTQ3vUj5j4Hm4RVqRWc+qWZ/O:NKAmwtZtplSTysj5Am4g+z
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral27 behavioral28
- Target
  
  glew32.dll
- Size
  
  260KB
- MD5
  
  2c12b6f28ffdd52edaa38bdd3ebf5c4e
- SHA1
  
  bc52f878bf30e196cb5260ebde2bacf35ca28216
- SHA256
  
  f7b6d84a1235fd0e7cc8aa70899ee22974bc4420167af3a2e4af31f6c48a44b2
- SHA512
  
  32ed972505c7580e269b1d14fccd3d88c2b455472a49571d3e99d070acd202b3c712b5b852290bacc15b817584ffaf0dce89c53ea40aba3b97bffbcb699378e4
- SSDEEP
  
  6144:f+6jV+Uog1eEecAnfzo8O9aORdhWfDwt30:fZjV+79O3Ub
Score

3^/10
behavioral29 behavioral30
- Target
  
  protozoa.exe
- Size
  
  446KB
- MD5
  
  e2483e0fbce7217101ba1e0cb49026c1
- SHA1
  
  62788e0e7c29811c87bcd636ad12c3f8db1d81b3
- SHA256
  
  2e8a4183f3340095e2aa0988d9c4c99d4fc724d21b36ae947797a16116187131
- SHA512
  
  88b8bac88b89ac494ad88ffd88abfce11a738021a15a30600850c9c0b5ebed1c3c78806cf0f9d6204d6afc5c6990b24fa876fa1e7270bc20db040c7eeda05c70
- SSDEEP
  
  6144:gVHYucgQtyqGplPZCragI0eG2IQ8CN99tPRsTPePBZva6KIaV7FqFPK/QXPj7QRx:gVY3yxCrab0H68g7SqBa97mUG1NT
Score

10^/10

ramnit banker spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

UPX packed file

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25